Thread Closed 
 
My pc is running slow, audio stutters also
14-03-2010, 01:39 AM
Post: #1
My pc is running slow, audio stutters also
ComboFix 10-03-13.01 - mike 02/03/2010 20:59:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.1536.1278 [GMT -7:00]
Running from: c:\documents and settings\mike\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\qmgr.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-01-04 to 2010-02-04 )))))))))))))))))))))))))))))))
.

2010-02-01 21:51 . 2010-02-04 02:24 518 ----a-w- c:\documents and settings\mike\Application Data\iolo\Registry\Last\restore.bat
2010-02-01 21:51 . 2010-02-01 22:59 1525 ----a-w- c:\documents and settings\mike\Application Data\iolo\restore.bat
2010-02-01 20:37 . 2010-02-01 20:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2010-02-01 20:37 . 2010-02-10 00:02 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2010-02-01 20:37 . 2010-02-10 00:01 2164648 ----a-w- c:\windows\system32\Incinerator.dll
2010-02-01 20:37 . 2010-02-09 00:40 412600 ----a-w- c:\documents and settings\All Users\Application Data\iolo\EjectCDReminder.exe
2010-02-01 20:37 . 2010-01-29 00:13 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
2010-02-01 20:37 . 2010-01-29 00:13 12288 ----a-w- c:\windows\system32\smrgdf.exe
2010-02-01 20:37 . 2010-02-01 20:37 -------- d-----w- c:\program files\iolo
2010-02-01 20:33 . 2010-02-01 20:33 74703 ----a-w- c:\windows\system32\mfc45.dll
2010-02-01 20:33 . 2010-02-03 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2010-02-01 20:33 . 2010-02-01 23:00 -------- d-----w- c:\documents and settings\mike\Application Data\iolo
2010-02-01 20:17 . 2010-02-01 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-02-01 20:15 . 2010-02-01 20:15 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-01 20:15 . 2003-05-21 20:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-02-01 20:15 . 2010-02-01 20:16 -------- d-----w- c:\program files\AVSMedia
2010-02-01 02:14 . 2010-02-01 02:14 -------- d-----w- c:\windows\Downloaded Installations
2010-02-01 01:39 . 2010-02-01 01:39 -------- dc-h--w- c:\windows\$MSI30UninstallMSI30-KB884016$
2010-01-31 03:24 . 2010-01-31 03:24 -------- d-----w- c:\documents and settings\mike\Application Data\GRETECH
2010-01-31 03:15 . 2010-01-31 03:15 -------- d-----w- c:\program files\GRETECH
2010-01-30 15:43 . 2010-01-30 15:43 -------- d-----w- c:\documents and settings\mike\Application Data\Ashampoo
2010-01-30 15:43 . 2010-01-30 15:43 -------- d-----w- c:\documents and settings\mike\Local Settings\Application Data\ashampoo
2010-01-30 15:43 . 2010-01-30 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2010-01-30 15:43 . 2010-01-30 15:43 -------- d-----w- c:\program files\Ashampoo
2010-01-30 15:33 . 2010-01-30 15:33 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-30 15:33 . 2010-01-30 15:33 -------- d-----w- c:\program files\directx
2010-01-30 15:32 . 2003-05-07 18:11 794624 ------w- c:\windows\system32\SerifCommon0.dll
2010-01-30 15:32 . 2003-04-28 17:44 126976 ------w- c:\windows\system32\SerifAnimation0.dll
2010-01-30 15:32 . 2003-05-07 22:03 778240 ------w- c:\windows\system32\SerifUIGdi0.dll
2010-01-30 15:32 . 2003-05-07 21:56 1359872 ------w- c:\windows\system32\SerifGDI0.dll
2010-01-30 15:32 . 2003-05-07 18:13 425984 ------w- c:\windows\system32\SerifRaster0.dll
2010-01-30 15:32 . 2003-05-07 18:11 610304 ------w- c:\windows\system32\Serif2D0.dll
2010-01-30 15:32 . 2003-05-07 18:11 86016 ------w- c:\windows\system32\SerifKernel0.dll
2010-01-30 15:32 . 2003-04-28 18:07 585728 ------w- c:\windows\system32\SerifVideo0.dll
2010-01-30 15:32 . 2003-04-28 17:46 393216 ------w- c:\windows\system32\SerifVideoDX0.dll
2010-01-30 15:32 . 2003-04-28 17:45 49152 ------w- c:\windows\system32\SerifDSFiltEnum0.dll
2010-01-30 15:32 . 2003-04-28 17:44 630784 ------w- c:\windows\system32\Story0.dll
2010-01-29 16:19 . 2010-01-29 16:19 -------- d-----w- c:\documents and settings\mike\Application Data\dvdcss
2010-01-28 20:34 . 2010-01-28 20:34 -------- d-----w- c:\program files\7-Zip
2010-01-28 06:42 . 2010-01-28 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-28 06:42 . 2010-01-28 06:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-28 04:44 . 2010-01-28 04:44 -------- d-----w- c:\documents and settings\mike\Application Data\Malwarebytes
2010-01-28 04:44 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-28 04:44 . 2010-01-28 04:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 04:44 . 2010-01-28 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-28 04:44 . 2010-01-07 23:07 18520 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-28 04:43 . 2010-01-28 04:43 -------- d-----w- c:\program files\CCleaner
2010-01-28 03:57 . 2010-01-28 03:57 -------- d-----w- c:\documents and settings\mike\Local Settings\Application Data\IsolatedStorage
2010-01-28 03:57 . 2010-01-28 03:57 -------- d-----w- c:\documents and settings\mike\Local Settings\Application Data\HP
2010-01-28 03:57 . 2010-01-28 03:57 127 ----a-w- c:\documents and settings\mike\Local Settings\Application Data\fusioncache.dat
2010-01-28 03:57 . 2010-02-01 22:19 -------- d-----w- c:\documents and settings\mike\Local Settings\Application Data\ApplicationHistory
2010-01-28 03:21 . 2010-01-28 03:23 -------- d-----w- C:\Nina
2010-01-27 22:58 . 2010-01-27 23:08 -------- d-----w- c:\documents and settings\mike\Application Data\HP
2010-01-27 22:57 . 2010-01-27 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-01-27 22:55 . 2010-01-27 22:55 -------- d-----w- C:\bin
2010-01-27 22:47 . 2010-01-27 22:48 -------- d-----w- c:\windows\system32\URTTemp
2010-01-27 22:46 . 2010-01-27 22:52 -------- d-----w- c:\program files\Common Files\HP
2010-01-27 22:43 . 2010-01-27 22:44 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-27 22:41 . 2006-02-01 00:48 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-01-27 22:41 . 2006-02-01 00:48 49664 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-01-27 22:41 . 2006-01-04 08:12 77824 ----a-r- c:\windows\system32\HPZIDS01.dll
2010-01-27 22:41 . 2006-02-09 22:45 48128 ----a-w- c:\windows\system32\hpzll054.dll
2010-01-27 22:41 . 2006-02-09 22:43 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll
2010-01-27 22:40 . 2001-08-17 20:53 13824 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-01-27 22:40 . 2001-08-17 20:53 13824 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-01-27 22:38 . 2005-11-23 04:58 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-01-27 22:38 . 2005-03-15 10:09 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2010-01-27 22:38 . 2005-03-15 08:35 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-01-27 22:38 . 2005-03-09 08:25 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-01-27 22:38 . 2005-03-09 08:25 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-01-27 22:38 . 2005-03-15 08:33 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-01-27 22:38 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-01-27 22:35 . 2001-08-17 21:03 21760 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-01-27 22:33 . 2010-01-27 23:03 118663 ----a-w- c:\windows\hpoins09.dat
2010-01-27 22:33 . 2010-02-01 20:23 20608 ----a-w- c:\documents and settings\mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-27 21:24 . 2010-02-04 03:49 -------- d-----w- c:\documents and settings\mike\Application Data\Vso
2010-01-27 21:24 . 2010-01-27 21:24 81920 ----a-w- c:\documents and settings\mike\Application Data\ezpinst.exe
2010-01-27 21:24 . 2010-01-27 21:24 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-27 21:24 . 2010-01-27 21:24 47360 ----a-w- c:\documents and settings\mike\Application Data\pcouffin.sys
2010-01-27 21:24 . 2010-01-27 22:31 -------- d-----w- c:\program files\DVDFab Platinum 3
2010-01-25 14:50 . 2010-02-03 08:41 -------- d-----w- c:\documents and settings\mike\Local Settings\Application Data\NewsBin
2010-01-25 14:50 . 2010-01-25 14:51 -------- d-----w- c:\program files\NewsBin
2010-01-25 10:28 . 2010-01-25 10:52 103511 ------w- c:\windows\hpoins04.dat
2010-01-25 10:28 . 2004-06-22 15:04 17176 ------w- c:\windows\hpomdl04.dat
2010-01-25 10:05 . 2010-01-25 10:05 -------- d-----w- C:\WUTemp
2010-01-25 10:05 . 2003-08-26 01:06 182880 -c--a-w- c:\windows\system32\dllcache\iuengine.dll
2010-01-25 10:05 . 2003-08-26 01:06 182880 ----a-w- c:\windows\system32\iuengine.dll
2010-01-25 09:44 . 2010-01-25 09:44 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-01-25 08:55 . 2010-01-27 22:44 -------- d-----w- c:\program files\HP
2010-01-25 08:53 . 2010-01-25 08:53 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-01-25 07:27 . 2001-08-17 21:00 5632 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2010-01-25 07:27 . 2001-08-17 21:00 5632 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-01-25 07:25 . 2010-02-01 02:14 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-25 07:25 . 2010-01-25 07:25 -------- d-----w- C:\Diamond
2010-01-25 07:25 . 2010-01-25 07:25 -------- d-----w- c:\program files\Xtreme Sound Driver Setup
2010-01-25 07:19 . 2010-02-03 05:41 -------- d-----w- c:\documents and settings\mike\Application Data\vlc
2010-01-25 07:11 . 2010-01-25 07:11 -------- d-----w- c:\program files\VideoLAN
2010-01-25 03:35 . 2010-01-25 03:35 -------- d-s---w- c:\documents and settings\mike\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-30 15:33 . 2010-01-30 15:31 -------- d-----w- c:\program files\Serif
2010-01-30 15:31 . 2010-01-30 15:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-27 22:53 . 2010-01-27 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-01-27 22:53 . 2010-01-27 22:53 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-01-25 07:26 . 2010-01-25 07:26 -------- d-----w- c:\program files\Xtreme Sound PCI
2010-01-25 02:10 . 2010-01-25 02:10 -------- d-----w- c:\program files\microsoft frontpage
2010-01-25 02:08 . 2010-01-25 02:08 80007 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-01-25 02:00 . 2010-01-25 02:00 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2/1/2010 1:37 PM 665008]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2/1/2010 1:37 PM 665008]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ALG
*NewlyCreated* - IPNAT
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-CmPCIaudio - CMICNFG3.CPL



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 21:10
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\mike\LOCALS~1\Temp\STS5.tmp

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\ODBC32.dll

- - - - - - - > 'lsass.exe'(560)
c:\windows\System32\dssenh.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\HPZipm12.exe
c:\windows\System32\RunDll32.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2010-02-03 21:15:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-04 04:14

Pre-Run: 28,478,181,376 bytes free
Post-Run: 28,458,881,024 bytes free

WinXP_EN_PRO_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - 8A2ED6A2922BF5D211297B4ADD437ED2
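The ComboFix log above has a fixed layout: section banners wrapped in parentheses, an "Other Deletions" section where a detection reads "<path> . . . is infected!!", and a "Files Created" section with one entry per line (two timestamps, a size or dashes for a directory, an 8-character attribute string, and the path). The following Python parser is an added example, not part of this thread and not ComboFix's own code; it reads that layout off the posted log and pulls out the three things a helper looks at first: what the tool marked infected, which newly created executables sit under system32 (where the flagged qmgr.dll lives), and which files carry a last-write time older than their creation time. The sample lines are constructed from the shape of the log, and the reading of the first column as creation time and the second as last-write time is an assumption.

```python
"""Triage the "Other Deletions" and "Files Created" sections of a ComboFix log.

Added example (not ComboFix's code). The line layout is read off the posted
log; the sample below is constructed and the column meanings are assumed.
"""
import re

# Constructed sample in the shape of the posted log (a handful of lines).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\qmgr.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-01-04 to 2010-02-04 )))))))))))))))))))))))))))))))
.

2010-02-01 20:37 . 2010-01-29 00:13 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
2010-02-01 20:37 . 2010-02-01 20:37 -------- d-----w- c:\program files\iolo
2010-01-28 04:44 . 2010-01-07 23:07 18520 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-27 22:40 . 2001-08-17 20:53 13824 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-01-25 02:08 . 2010-01-25 02:08 80007 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))
.
"""

# A banner line is a run of '(' , the title, a run of ')'.
SECTION_HEADER = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# created . modified size attrs path   (size is dashes for a directory)
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
INFECTED = re.compile(r"^(?P<path>.+?) \. \. \. is infected!!$")
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx")


def sections(text):
    """Split the log into {banner title: [lines]}; lines before any banner are dropped."""
    out, current = {}, None
    for line in text.splitlines():
        m = SECTION_HEADER.match(line.strip())
        if m:
            current = m.group(1)
            out[current] = []
        elif current is not None:
            out[current].append(line)
    return out


def find_section(secs, prefix):
    """Look a section up by title prefix, since 'Files Created from ... to ...' carries dates."""
    for title, lines in secs.items():
        if title.startswith(prefix):
            return lines
    return []


def parse_entries(lines):
    """Turn 'Files Created' lines into dicts; directories get size None."""
    entries = []
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue  # '.' separators and blank lines
        d = m.groupdict()
        d["is_dir"] = d["attrs"][0] == "d"
        d["size"] = None if d["is_dir"] else int(d["size"])
        entries.append(d)
    return entries


def infected_paths(text):
    """Paths ComboFix itself flagged in the 'Other Deletions' section."""
    lines = find_section(sections(text), "Other Deletions")
    return [INFECTED.match(l.strip()).group("path")
            for l in lines if INFECTED.match(l.strip())]


def system_executables(text):
    """Newly created executable files under the system32 tree, the first place to
    check because a loader dropped there runs with system-wide reach."""
    hits = []
    for e in parse_entries(find_section(sections(text), "Files Created")):
        p = e["path"].lower()
        if e["is_dir"] or not p.endswith(EXECUTABLE_EXT):
            continue
        if "\\windows\\system32\\" in p:
            hits.append(e)
    return hits


def copied_in(entries):
    """Entries whose last-write time predates creation on this disk, i.e. the file
    was copied here with its timestamp intact rather than written locally.
    Assumes column 1 is creation time and column 2 is last-write time."""
    return [e for e in entries if e["modified"] < e["created"]]


if __name__ == "__main__":
    print("infected:", infected_paths(SAMPLE_LOG))
    for e in system_executables(SAMPLE_LOG):
        print("system32 executable:", e["path"], e["size"], e["attrs"])
    created = parse_entries(find_section(sections(SAMPLE_LOG), "Files Created"))
    for e in copied_in(created):
        print("copied in:", e["path"], "last-write", e["modified"])
```

Run it against a saved C:\ComboFix.txt by replacing SAMPLE_LOG with the file's contents. The two timestamp comparison is the useful part: an installer copying a 2001-dated usbscan.sys is expected, while an executable that appears in system32 on the same day as the reported symptoms deserves a closer look than the rest of the list.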
15-03-2010, 09:13 PM
Post: #2
 
Hi mikeh3k

This is not the same PC we worked on previously. Also, there's no virus software? This PC is severely infected.


Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

A text file should open.

Post the contents of that file in your next reply.

Unanswered threads for 4 days will no longer be Helped

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here [Image: paypal.gif]
15-03-2010, 09:24 PM
Post: #3
No, not the same PC - my other one - a desktop
Hi Kenny,

It's a different PC - the one I use to DL everything "unsafe" off of the UseNet news groups. I'm not really surprised at its condition.

Mike
15-03-2010, 09:40 PM
Post: #4
 
Please download a free anti-virus software from one of these excellent vendors. But just one of them.

Then we'll start from there, because it really makes no sense otherwise for us to clean this up manually if no antivirus scanner is present, which should be able to deal with most of it and prevent further reinfection.

Let me know when you have done this....

15-03-2010, 10:25 PM
Post: #5
here's the QooBox results
Should I run Avira anti-virus software now?

4300
4300_Help
4300Trb
7-Zip 4.65
Adobe Flash Player 10 ActiveX
AiO_Scan
AiO_Scan_CDA
AiOSoftwareNPI
Ashampoo Burning Studio 6 FREE
AVS Cover Editor 1.3.1.79 (AVSMedia)
AVS DVD Copy version 1.4
BufferChm
CCleaner
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
CueTour
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
DVDFab Platinum 3.0.3.0 Ghosthunter release
eSupportQFolder
Eusing Free Registry Cleaner
Fax_CDA
FullDPAppQFolder
GOM Player
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0.A
HP Photosmart Premier Software 6.5
HP PSC & OfficeJet 4.2
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevices
InstantShareDevicesMFC
iolo technologies' System Mechanic
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Visual C++ 2005 Redistributable
NewCopy_CDA
NewsBin Pro
OCR Software by I.R.I.S 7.0
PanoStandAlone
PhotoGallery
ProductContextNPI
QFolder
RandMap
Readme
Scan
ScannerCopy
Serif ImpactPlus 5.0
SkinsHP1
SlideShow
SolutionCenter
Sonic_PrimoSDK
Spybot - Search & Destroy
Status
Toolbox
TrayApp
Unload
VLC media player 1.0.3
WebFldrs XP
WebReg
Windows Installer 3.0 (KB884016)
Xtreme Sound PCI
15-03-2010, 10:37 PM
Post: #6
 
Quote: Should I run Avira anti-virus software now?
No not yet.

Drag ComboFix Icon in to the Recycle Bin.

Delete the copy of ComboFix you have & download it again from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! RENAME ComboFix.exe to Commy.exe BEFORE you save it to your Desktop**
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
[Image: Query_RC.gif]
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Image: RC_successful.gif]
  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log

16-03-2010, 02:01 AM
Post: #7
combo log
ComboFix 10-03-15.04 - mike 03/15/2010 16:31:30.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.1536.1234 [GMT -7:00]
Running from: c:\documents and settings\mike\Desktop\Commy.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\qmgr.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\qmgr.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-15 to 2010-03-15 )))))))))))))))))))))))))))))))
.

2010-03-15 21:00 . 2009-03-30 16:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-15 21:00 . 2009-02-13 18:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-15 21:00 . 2009-02-13 18:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-15 21:00 . 2010-03-15 21:00 -------- d-----w- c:\program files\Avira
2010-03-15 21:00 . 2010-03-15 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 23:42 . 2010-02-01 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2010-03-15 21:58 . 2010-02-01 21:51 1525 ----a-w- c:\documents and settings\mike\Application Data\iolo\restore.bat
2010-03-15 21:52 . 2010-02-01 21:51 518 ----a-w- c:\documents and settings\mike\Application Data\iolo\Registry\Last\restore.bat
2010-02-10 00:02 . 2010-02-01 20:37 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2010-02-10 00:01 . 2010-02-01 20:37 2164648 ----a-w- c:\windows\system32\Incinerator.dll
2010-02-09 00:40 . 2010-02-01 20:37 412600 ----a-w- c:\documents and settings\All Users\Application Data\iolo\EjectCDReminder.exe
2010-02-04 04:42 . 2010-01-25 07:19 -------- d-----w- c:\documents and settings\mike\Application Data\vlc
2010-02-04 03:49 . 2010-01-27 21:24 -------- d-----w- c:\documents and settings\mike\Application Data\Vso
2010-02-01 23:00 . 2010-02-01 20:33 -------- d-----w- c:\documents and settings\mike\Application Data\iolo
2010-02-01 20:37 . 2010-02-01 20:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2010-02-01 20:37 . 2010-02-01 20:37 -------- d-----w- c:\program files\iolo
2010-02-01 20:33 . 2010-02-01 20:33 74703 ----a-w- c:\windows\system32\mfc45.dll
2010-02-01 20:23 . 2010-01-27 22:33 20608 ----a-w- c:\documents and settings\mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-01 20:17 . 2010-02-01 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-02-01 20:16 . 2010-02-01 20:15 -------- d-----w- c:\program files\AVSMedia
2010-02-01 20:15 . 2010-02-01 20:15 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-01 02:14 . 2010-01-25 07:25 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-31 03:24 . 2010-01-31 03:24 -------- d-----w- c:\documents and settings\mike\Application Data\GRETECH
2010-01-31 03:15 . 2010-01-31 03:15 -------- d-----w- c:\program files\GRETECH
2010-01-30 15:43 . 2010-01-30 15:43 -------- d-----w- c:\documents and settings\mike\Application Data\Ashampoo
2010-01-30 15:43 . 2010-01-30 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2010-01-30 15:43 . 2010-01-30 15:43 -------- d-----w- c:\program files\Ashampoo
2010-01-30 15:33 . 2010-01-30 15:33 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-30 15:33 . 2010-01-30 15:33 -------- d-----w- c:\program files\directx
2010-01-30 15:33 . 2010-01-30 15:31 -------- d-----w- c:\program files\Serif
2010-01-30 15:31 . 2010-01-30 15:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-29 16:19 . 2010-01-29 16:19 -------- d-----w- c:\documents and settings\mike\Application Data\dvdcss
2010-01-29 00:13 . 2010-02-01 20:37 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
2010-01-29 00:13 . 2010-02-01 20:37 12288 ----a-w- c:\windows\system32\smrgdf.exe
2010-01-28 20:34 . 2010-01-28 20:34 -------- d-----w- c:\program files\7-Zip
2010-01-28 09:31 . 2010-01-28 06:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-28 06:47 . 2010-01-28 06:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-28 04:44 . 2010-01-28 04:44 -------- d-----w- c:\documents and settings\mike\Application Data\Malwarebytes
2010-01-28 04:44 . 2010-01-28 04:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 04:44 . 2010-01-28 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-28 04:43 . 2010-01-28 04:43 -------- d-----w- c:\program files\CCleaner
2010-01-28 03:57 . 2010-01-28 03:57 127 ----a-w- c:\documents and settings\mike\Local Settings\Application Data\fusioncache.dat
2010-01-27 23:08 . 2010-01-27 22:58 -------- d-----w- c:\documents and settings\mike\Application Data\HP
2010-01-27 23:03 . 2010-01-27 22:33 118663 ----a-w- c:\windows\hpoins09.dat
2010-01-27 22:57 . 2010-01-27 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-01-27 22:53 . 2010-01-27 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-01-27 22:53 . 2010-01-27 22:53 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-01-27 22:52 . 2010-01-27 22:46 -------- d-----w- c:\program files\Common Files\HP
2010-01-27 22:44 . 2010-01-27 22:43 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-27 22:44 . 2010-01-25 08:55 -------- d-----w- c:\program files\HP
2010-01-27 22:31 . 2010-01-27 21:24 -------- d-----w- c:\program files\DVDFab Platinum 3
2010-01-27 21:24 . 2010-01-27 21:24 81920 ----a-w- c:\documents and settings\mike\Application Data\ezpinst.exe
2010-01-27 21:24 . 2010-01-27 21:24 81920 ----a-w- c:\documents and settings\mike\Application Data\ezpinst.exe
2010-01-27 21:24 . 2010-01-27 21:24 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-27 21:24 . 2010-01-27 21:24 47360 ----a-w- c:\documents and settings\mike\Application Data\pcouffin.sys
2010-01-27 21:24 . 2010-01-27 21:24 47360 ----a-w- c:\documents and settings\mike\Application Data\pcouffin.sys
2010-01-25 14:51 . 2010-01-25 14:50 -------- d-----w- c:\program files\NewsBin
2010-01-25 10:52 . 2010-01-25 10:28 103511 ------w- c:\windows\hpoins04.dat
2010-01-25 09:44 . 2010-01-25 09:44 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-01-25 08:53 . 2010-01-25 08:53 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-01-25 07:26 . 2010-01-25 07:26 -------- d-----w- c:\program files\Xtreme Sound PCI
2010-01-25 07:25 . 2010-01-25 07:25 -------- d-----w- c:\program files\Xtreme Sound Driver Setup
2010-01-25 07:11 . 2010-01-25 07:11 -------- d-----w- c:\program files\VideoLAN
2010-01-25 02:10 . 2010-01-25 02:10 -------- d-----w- c:\program files\microsoft frontpage
2010-01-25 02:08 . 2010-01-25 02:08 80007 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-01-25 02:00 . 2010-01-25 02:00 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-07 23:07 . 2010-01-28 04:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 23:07 . 2010-01-28 04:44 18520 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [3/15/2010 2:00 PM 22360]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [3/15/2010 2:00 PM 45416]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2/1/2010 1:37 PM 665008]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2/1/2010 1:37 PM 665008]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/15/2010 2:00 PM 108289]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 16:42
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\ODBC32.dll

- - - - - - - > 'lsass.exe'(568)
c:\windows\System32\dssenh.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\HPZipm12.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2010-03-15 16:46:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-15 23:46
ComboFix2.txt 2010-02-04 04:15

Pre-Run: 28,195,803,136 bytes free
Post-Run: 28,210,585,600 bytes free

- - End Of File - - 1B2806C9E90297951826C8F02B403687
16-03-2010, 02:46 AM
Post: #8
 
  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

07-04-2010, 05:42 PM
Post: #9
 
While we appreciate you are busy, it has been 4 days (or more) since we heard from you. Fresh fixes will now have to be given, as malware can change during this period.

You can help support this site from this link, Donations are not required. The only advantage to gain from this is that you support TechMonkeys. The support you get from Techmonkeys will not be speeded up as all users are equal.
Donation link is on the front page

Please PM a mod or an admin if you require this thread to be opened or start a new topic. Make sure you include a valid link and the user name used.
